THREAT INTELLIGENCE ON A DATA EXCHANGE LAYER
Abstract
In an example, a threat intelligence controller is configured to operate on a data exchange layer (DXL). The threat intelligence controller acts as a DXL consumer of reputation data for a network object, which may be reported in various different types and from various different sources. Of the devices authorized to act as reputation data producers, each may have its own trust level. As the threat intelligence controller aggregates data from various providers, it may weight the reputation reports according to trust level. The threat intelligence engine thus builds a composite reputation for the object. When it receives a DXL message requesting a reputation for the object, it publishes the composite reputation on the DXL bus.
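The trust-weighted aggregation described in the abstract, as an added illustration; it is not code from the patent or from any DXL implementation. The message shape, the 0-100 score scale (higher meaning more suspicious), the integer trust weights, the weighted mean and the one-slot-per-producer rule are all assumptions made for this sketch.

```python
from collections import defaultdict

class ThreatIntelController:
    """Toy consumer that turns reputation reports into a trust-weighted composite."""

    def __init__(self, producer_trust):
        self.producer_trust = dict(producer_trust)  # authorized producer -> trust weight (> 0)
        self.reports = defaultdict(dict)            # object id -> {producer: latest score}
        self.rejected = []                          # (producer, reason), kept for audit

    def on_report(self, msg):
        """Handle one report message: {"source", "object", "score"} (assumed shape)."""
        src, score = msg["source"], msg["score"]
        if src not in self.producer_trust:
            self.rejected.append((src, "unauthorized producer"))
            return False
        if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
            self.rejected.append((src, "score out of range"))
            return False
        # One slot per producer: repeated reports overwrite, they do not add weight.
        self.reports[msg["object"]][src] = score
        return True

    def composite(self, obj):
        """Trust-weighted mean of the latest score from each producer, or None."""
        scores = self.reports.get(obj)
        if not scores:
            return None
        total = sum(self.producer_trust[p] for p in scores)
        return round(sum(self.producer_trust[p] * s for p, s in scores.items()) / total, 2)

    def on_request(self, msg):
        """Answer a reputation request with the composite and contributing sources."""
        obj = msg["object"]
        return {"object": obj, "composite": self.composite(obj),
                "sources": sorted(self.reports.get(obj, {}))}

def demo():
    # Constructed producers, trust weights, object id and scores.
    tic = ThreatIntelController({"gateway": 9, "endpoint-av": 6, "sandbox": 3})
    obj = "file:constructed-sample-1"
    for src, score in [("gateway", 20), ("endpoint-av", 30), ("sandbox", 90),
                       ("rogue-host", 100), ("sandbox", 90)]:
        tic.on_report({"source": src, "object": obj, "score": score})
    return tic, tic.on_request({"object": obj})

if __name__ == "__main__":
    print(demo()[1])
```

In the constructed run, the low-trust sandbox's score of 90 moves the composite only to 35.0, the unauthorized producer's report is dropped and logged, and the sandbox's repeated report does not count twice.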
25 Claims
1. A threat intelligence apparatus adapted for use on a data exchange layer (DXL), comprising:
- a network interface;
- a DXL client engine operable for communicatively coupling the apparatus to a DXL enterprise security bus (ESB); and
- one or more logic elements comprising a threat intelligence engine operable for:
  - aggregating reputation data for a network object via a plurality of DXL messages;
  - computing a composite reputation for the network object;
  - receiving from a DXL endpoint a DXL request message for a reputation for the object; and
  - providing the composite reputation via a DXL message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. One or more computer-readable mediums having stored thereon executable instructions for providing a threat intelligence engine operable for:
- subscribing to a data exchange layer (DXL) object reputation topic;
- aggregating reputation data for a network object via a plurality of object reputation DXL messages;
- computing a composite reputation for the network object;
- receiving from a DXL endpoint a DXL request message for a reputation for the object; and
- providing the composite reputation via a DXL message.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A method of providing a server engine, comprising:
- subscribing to a data exchange layer (DXL) object reputation topic;
- aggregating reputation data for a network object via a plurality of object reputation DXL messages;
- computing a composite reputation for the network object;
- receiving from a DXL endpoint a DXL request message for a reputation for the object; and
- providing the composite reputation via a DXL message.
Dependent claims: 25
Specification